Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Jul 10th, 2026
Feed Source
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Fake lawyer & sports agent identities
Sublime Security
5mo ago
Jan 26th, 2026
Google share notification with suspicious comments
Sublime Security
5mo ago
Jan 12th, 2026
Impersonation: Employee name in subject with suspicious sender
Sublime Security
12m ago
Jul 10th, 2026
Impersonation: Executive using numbered local part
Sublime Security
5mo ago
Jan 30th, 2026
Service Abuse: Box file sharing with credential phishing intent
Sublime Security
5mo ago
Jan 12th, 2026
Service abuse: Trello board invitation with VIP impersonation
Sublime Security
5mo ago
Feb 3rd, 2026
Suspicious attachment with unscannable Cloudflare link
Sublime Security
5mo ago
Jan 12th, 2026
Suspicious request for financial information
Sublime Security
15d ago
Jun 25th, 2026
VIP / Executive impersonation in subject (untrusted)
Sublime Security
10mo ago
Aug 14th, 2025
VIP / Executive impersonation (strict match, untrusted)
Sublime Security
4mo ago
Feb 25th, 2026
VIP impersonation: Fabricated thread history with fake VIP recipients
Sublime Security
2d ago
Jul 8th, 2026
VIP impersonation: Fake forwarded indicator with VIP recipient impersonation
Sublime Security
3d ago
Jul 7th, 2026
VIP impersonation: Fake thread with display name match, email mismatch
Sublime Security
3mo ago
Apr 3rd, 2026
VIP impersonation: Invoice fraud with mobile device sign-off
Sublime Security
3d ago
Jul 7th, 2026
VIP impersonation: VIP name within a delimited subject with fake previous threads
Sublime Security
2d ago
Jul 8th, 2026
VIP impersonation: VIP payment redirect handoff via fake threads
Sublime Security
2d ago
Jul 8th, 2026
VIP impersonation: VIP recipient of previous thread with HTML generator
Sublime Security
3d ago
Jul 7th, 2026
VIP impersonation with BEC language (near match, untrusted sender)
Sublime Security
3mo ago
Mar 25th, 2026
VIP impersonation with charitable donation fraud
Sublime Security
1mo ago
Jun 5th, 2026
VIP impersonation with invoicing request
Sublime Security
2y ago
Apr 23rd, 2024
VIP impersonation with urgent request (strict match, untrusted sender)
Sublime Security
3mo ago
Mar 25th, 2026
VIP impersonation with w2 request with reply-to mismatch
Sublime Security
3mo ago
Mar 12th, 2026
VIP local_part impersonation from unsolicited sender
Sublime Security
11mo ago
Aug 12th, 2025